Printable View
Im a good PHP coder. I have designed my own login/register system. I got everything working as it should be. There is one problem. I want to hide the login form when you login. Can someone point me out a tut or give me a code that shows me how to hide that login form when you login.
When you're logged in? Maybe try something like:
PHP Code:
if(!isset($_SESSION['username'])){ //If this session is empty, or doesn't exist.
//Code here.. maybe a redirect?
}
elseif(isset($_SESSION['username'])){ //If the session variable contains something.
//Code here.. maybe the user's info?
}
Not what i need but ill see what i can do with it...Quote:
Originally Posted by MeetMeInHabbo
just a question?
if you consider your self a good php programmer, how come you couldnt answer your own simple question?
You sometimes need help along the way, maybe he forgot.. i usually do that, code a bit.. then go what? , but i have previously found the awnser.
Usually i may forget some codes and how to code some items so i need to refresh my memory.Quote:
Originally Posted by holthelper
I'm sorry but hiding the login form when a session is present is one of the easiest and most basic things to having a login system..
When the user logs in, set $_SESSION['name'] equal to their username. Then just check to see if it's set; if it is set, do nothing (or show a control panel or something). If it's not set, show the login form..
A conditional statement may be one of the easiest things in PHP, but a concept of Permission-based security is certainly not.Quote:
Originally Posted by itjx3
Hiding a log-in form is a few lines of code around the form... Then a few more lines to hide the register form.. Then a few more to show the Update Account form, and hide it from everyone else.. - that's assuming all there is, is user log-in stuff.
Then if something gets changed, say, you want to do it by rank now, then you'd have to go and change each form/application which uses $_SESSION['user'].
Imagine a whole web-site full of apps like these? It's better to use a separate file for each task that can be rank/user protected, and include it through a single, simple, mechanism which makes the code much more pleasant and easy to work with in the long-run.
http://forum.ragezone.com/f578/mysql...-files-650548/
Now you can have a rank/user powered permission system. I'll agree, it's not the simplest solution, but in the long-term it can help prevent [ame="http://en.wikipedia.org/wiki/Spaghetti_code"]spaghetti-code[/ame] from happening. (Which I've found to be a problem with bright new PHP developers..)
Thats a pure lie, you either know PHP or you dont.Quote:
Originally Posted by mickeydels1
---------- Post added at 09:27 PM ---------- Previous post was at 09:26 PM ----------
PHP Code:if(isset($_SESSION['somesession'])){
//welcome sir
}else{
//form
}
Yes and those who do know but "forgot" always know how to use the interwebzzz or php.net ;)Quote:
Originally Posted by Superfun
then how did you program your login?Quote:
Originally Posted by mickeydels1
Well first off, im trying my best to get this code, My login system is not like working with it.
---------- Post added at 12:45 AM ---------- Previous post was at 12:22 AM ----------
Ok, I got it going :P
is not like working?Quote:
Originally Posted by mickeydels1
my question is, how are you able to program a login system and keep that person logged in?
They have a session.Quote:
Originally Posted by holthelper
1. Sessions are bad. Use cookies.
2. if(!isset($_SESSION['username']) is bad, for a user could create a session called username and the system would log him in without even checking if the user exists. (I know this is kind of hard with sessions, but still.)
3. Use oop.
Woah o-o how would that happen?Quote:
Originally Posted by Pieman
It probably won't, unless you're some kind of über hacker, but that's not the point. The point is that it's bad practice.
Well, if you state it like that, then cookies are bad as wel :)Quote:
Originally Posted by Pieman
As a developer you should know ways to make it more secure... It isn't cookies or sessions.. hell you could even use just text files.. as long as you have a way to make it secure :)
Also cookies can be tampered with :)
Damn I wasn't aware that it was bad practice, but as Way[2]Death says, I always thought that cookies could be messed with. I actually thought that they were more vulnerable than using $_SESSION['name']. The only way to set $_SESSION['name'] is through the login unless you allow user input and don't block the use of PHP functions o.oQuote:
Originally Posted by Pieman
What are your suggestions on securing these things? :PQuote:
Originally Posted by Way[2]Death
ok?Quote:
Originally Posted by mickeydels1
im failing to understand why you just didnt add a check in your register system to see if a session exists...
Well the thing is, cookies are saved on your PC.. there are lots of easy ways to see these, edit them or even steal them from other people, session on the other hand are easier to secure.Quote:
Originally Posted by Trahb
The thing with sessions is that it can be "hijacked" by simply stealing someone's session id.. with a few adjustments you could prevent session hijacking..
anyone who is interested should check: http://phpsec.org/projects/guide/4.html
If you use cookies. You can use same "isset and !isset" thing with $_COOKIE.
sessions are also stored on the computer...Quote:
Originally Posted by Way[2]Death
EDIT:
opps i mean they are stored on the server. which is a computer
Needless to say, it's actually the exact opposite as what you said. I assume it was a mistype. Well, To use OOP is good and all, but it's certainly not bad if you use procedural for small web-apps.. How do you suppose one write elegant OOP when one can't even master procedural? You've got to walk before you can crawl now??? It's bad practice to crawl, so all you toddlers, GET WALKIN'! OOP should be learned, it's VERY good to learn and use, but if you can't code functions, then you're not going to grasp OOP. Start with variables, goto conditionals, move onto loops, then goto functions, THEN goto OOP style... That's pushing it, you really should know a whole list of built-in functions first, too.Quote:
Originally Posted by Pieman
@other posts
isset() doesn't "protect" anything, if a variable is set, that doesn't make it secure. If you're administration panel is behind "isset" function, that's really funny.. Especially with cookies, that's like the easiest variable to set/change next to GET~ with POST not too far behind. $_SESSION variables WILL NOT be individually set or changed. An entire session key can be generated or stolen, but.. that's so far-fetched, and it assumes the attacked individual is infected with some sort of cookie sniffer, keylogger, or trojan already. (or a victim to the ever-popular, "copy your address bar for free cash!" (in the case the session ID is in GET instead of Cookie, which is hardly less secure except in terms of social hacking idiots.)
It only makes sense to use sessions. If you rely solely on cookies, it's just asking for scary trouble.
Also, with a few simple adjustments... Way[2]Death is so right on it's ridiculous. I have nothing more to say. :thumbup1:
Another way would be.
:3 GLHF!PHP Code:if(session_is_registered(LoggedIn)) {
echo 'meow :3';
}